Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

DillyTonto writes "U.S. officials have acknowledged playing a role in the development and deployment of Stuxnet, Duqu and other cyberweapons against Iran. The acknowledgement makes cyberattacks more legitimate as a tool of not-quite-lethal international diplomacy. It also legitimizes them as more-combative tools for political conflict over social issues, in the same way Tasers gave police less-than-lethal alternatives to shooting suspects and gave those who abuse their power something other than a club to hit a suspect with. Political parties and single-issue political organizations already use 'opposition research' to name-and-shame their opponents with real or exaggerated revelations from a checkered past, jerrymander districts to ensure their candidates a victory and vote-suppression or get-out-the-vote efforts to skew vote tallies. Imagine what they'll do with custom malware, the ability to DDOS an opponent's web site or redirect donations from an opponent's site to their own. Cyberweapons may give nations a way to attack enemies without killing anyone. They'll definitely give domestic political groups a whole new world of dirty tricks to play."

Maybe I'm still too young and naive, but this idea seems more of a way for bad actions to be perpetrated by people claiming to be the good guys (which again 'good guys' is subjective). I understand secrecy during an operation, but the objective good guys should be able to own up to their deeds. If the intelligence organizations can't stand behind their deeds, then they deserve the disgust they have earned.

"Tricks and treachery are the practice of fools, that don't have brains enough to be honest."
- Benjamin Franklin

As an American (I'm looking at you too Russia), I can't help but feel more and more responsible for tragedies in the present day. Most of the places lashing out (Iran, Iraq, Libya, Syria, Mexico, and South America) were armed and encouraged to fight by the US. Now the US is trying to put down it's 'dogs' of war.

It would be simple matter, except these 'dogs' are nations like us. What gives us the right?

You gonna throw the POTUS in jail? Because they are ALL doing it trying to give the people something, ANYTHING, other than the dismal employment numbers which they know will screw them in November.

As for TFA the only difference it will make is that black hats will be treated like arms dealers, scummy but useful so they'll be able to get by with more shit. I also suspect all those black markets where shit like zero days are sold won't be getting shut down now either.

Sorry but it looks like he is, as I believe ordering the execution of an American without trial IS illegal, as is warrantless wiretapping of citizens. Of course Bush did similar moves but illegal is illegal and all we got under Obama was Bush's third term, with all the dirty dealing plus a few new ones like using Fast&Furious to try to run a false flag op on the American people. And if THAT isn't an impeachable offense frankly then nothing is.

" They'll definitely give domestic political groups a whole new world of dirty tricks to play."

As if they didn't have them before?

The implication is they didn't use them before. The US government is saying now "We're using cyberattacks, and that's cool" (or "We are cyberterrorists" if you prefer escalated language). If the other countries don't respond with an outcry and demand consequences -- like what would happen if the US bombed a factory in another country -- that becomes legitimized.

However, for the case of Stuxnet this is a bad analogy -- it's more like if the US managed to replace the parts in a delivery with bad/broken parts

The statement about the US creating Stuxnet was made by a guy writing a book using sources that can not be independently verified. Your link only addresses a "what if" scenario. The US government has not admitted to creating the attack. How could they? According to a lot of people the US is stupid and incapable of doing anything this complex. The code has been scrutinized since it came out and even the smartest engineers and programmers in the world have not uncovered anything that can be traced bac

Sure they could have did it but so could a lot of countries. Claiming the US did it using nothing but opinions and theories with no real facts is the problem. And Iran was lucky it was a cyber attack instead of Isreal giving them a couple of nulcear weapons to demonstrate the power they possess when used.

The need for testing the results on P-1 centrifuges puts the code creation in the hands of a few world powers.

They wouldn't need to test on the actual centrifuges- if they know how much of an increase in speed is required to harm them, they can just test the effects of the virus on a same model controller and verify the change in the output channel controlling the centrifuge.

The US loves the idea of equipping drones with very fast, explosive missiles.

The US will, in time, find a way to patrol the interior with drones equipped with very fast, explosive missiles.

The US will come under a terrorist attack from its own weapon systems.

Reasoning -> I am fairly certain that a swarm of drones can have its firmware corrupted to follow orders from a non-legitimate source. I am also fairly certain that Hellfire missiles or some other ordinance likely to be equipped on said drones has enough destructive capacity to take out civilian aircraft, train bridges, or even make it inside the defensive perimeter of the White House.

One need only think what a dozen drones, equipped with air-to-air, could achieve if someone compromised them, and flew them to a nearby major airport, with programming to lock onto various targets. Assuming 2 missiles per drone, and 100% accuracy of unique targets, that comes out to 12 747s (which are not equipped with EM counter-measures) dropping out of the sky.

Assuming air-to-land ordinance, any bridge (train or otherwise) would make a fair target. Take out enough structural supports, and the deaths could be in the hundreds. This is, of course, assuming classical thinking. If we move off of that, than any skyscraper, chemical plant, etc. could become a target. This is, of course, assuming we are going for the most visibly destructive targets.

Assuming air-to-sea ordinance, any large tanker or cruise ship becomes a target.

As I recommended before, immediate termination of the drone programs would be in the best interest of the sane.

There's so much wrong with what you've postulated, I honestly don't even know where to begin. Fortunately, I've signed papers that say I can't begin, so I'll just enjoy a good laugh and move along. Your time would have been more productively spent reading a good book. At the rate you're going, you're surely not going to make it as an author, though.

Iran appears to have brought down one of these drones by faking GPS signals. It seems possible the same trick could be used to get these things to land or crash anywhere. Assuming we are talking about unarmed drones they still look like big heavy things that would do some damage to a solid building.

I assume the GPS faking equipment would also mess up satellite navigation for a few thousand cars, that could well do more economic damage than putting a dent in one government office.

I'd be more interested in the prospect of getting some of the chips, slicing them, and looking at them under an electron microscope. From there, it would be possible to reverse engineer the various control systems. Even doing it blindly (ripping out the chips, and playing with things 'manually' to see what various thing do), it may be possible to build a chip, albeit with completely different internals, that could command the drone.

While it would be consider somewhat a fantasy right now, it would be enterta

"I would absolutely love to hear your qualifications for this statement." -> Seriously, this, on/.? It's a flying computer built by a bunch of military contractors.

Bring one to the next major computer trade show, and leave it inside over night. If it isn't outright stolen, it'll be sporting a Tux sticker on its side as a handful of attendants will stay up all night to get Linux running on the damn thing. "Dude, I've got the kernel up and running, but I can't decide: KDE or Gnome?"

Can you corrupt a drone firmware - sure. Can you physically acquire the swarm of drones, then deploy them into US airspace? Or if you make your own drones, can you get the hellfire missles? I just seems far fetched. But granted, not impossible.

"I would absolutely love to hear your qualifications for this statement." -> Seriously, this, on/.? It's a flying computer built by a bunch of military contractors.

Bring one to the next major computer trade show, and leave it inside over night. If it isn't outright stolen, it'll be sporting a Tux sticker on its side as a handful of attendants will stay up all night to get Linux running on the damn thing. "Dude, I've got the kernel up and running, but I can't decide: KDE or Gnome?"

I'm more interesting in hearing the qualifications for this statement:

"I am also fairly certain that Hellfire missiles or some other ordinance likely to be equipped on said drones has enough destructive capacity to take out civilian aircraft, train bridges, or even make it inside the defensive perimeter of the White House."

There's not a whole lot of need or justification for equipping drones with weapons internally. The need for weaponized drones is in areas where there's a significant risk for loss of life

Replace military with police.Those drones could have tasers, shooting rubber bullets, maybe radio interference etc.Tho by itself can do quite a bit of havoc on small scale, but maybe if you crash the drones intentionally on something larger?

Cyberweapons may give nations a way to attack enemies without killing anyone. They'll definitely give domestic political groups a whole new world of dirty tricks to play."

Your sense of 'military and collateral' damage is very skewed, there, article submitter. So 2-3% of military troops on the ground won't die, or any other native county civilians along the way, but you're ok with the vulnerability of a digital US infrastructure that has MILLIONS upon MILLIONS of US federal, contractor, civilian and citizen 'at risk.

This isn't a new pandora's box. What makes it shock value is that it's one thing to admit being behind Stuxnet, it's another to admit you're the United State Goverment and you're behind Stuxnet.

It's not like this is going to be anything new in principle. Cyberattacks like Stuxnet are just another tool that governments will use in secret ops. This happens all the time. Nations send spies to other nations that try to get classified info, in some cases there are special forces soldiers operating on secret missions in foreign countries - missions that may involve killing - and all of that is stuff that typically gets denied on the official level for many years.

It's very different because you don't need to respond to cyber attacks via conventional means, you hack right back.

Which means it's unbelievably stupid for the West to start this shit since we have literally trillions of dollars of horrifyingly vulnerable technological infrastructure, while the terrorists have jack shit in this regard.

The most horrifying thing of all is, as soon as any of the victims strike back it'll be their excuse to destroy the free and open Internet once and for all.

They know what happens, it's just that they also know what would happen if governments weren't run by greedy tools.

"Solidarity is the tenderness of the peoples."

Because if real people have better things to do with their own little lives, how much more so on larger scales. And people pay for this stuff -- so they have a right to be "shocked". And it's not like they're not being deceived in small and big ways 24/7, too. Way to be ironic, being shocked that the public is shocked and all that. How do you DO thi

I grew up believing in the US as a beacon for freedom and fairness. Okay, so it was the 60's and 70's and given what was going down in South America it was probably all a lie then.

Thing is, just recently the US stated that they view a cyber attack as an act of war. Given how targeted Stuxnet was, by this admission they have clearly stated that it is okay for the US to commit an act of war on Iran, a country that has no history of aggression (although plenty of rhetoric, but that is not uncommon for the region).

How would you US citizens feel if you were on the receiving end of Predator drones, cyber attacks and Shock and Awe?

Iran? The UK owned it, got its oil real, real cheap. The US and UK installed the Shah, then let Iraq invade...
Kind of hard to build an empire when you are part of one or having your gov overthrown or been invaded:)

Iran/Persia was never part of the British Empire.The last time they started a war was in 1826 when they attacked Russia. The two nations had fought a number of wars before that so there was plenty of bad blood between the two. So not quite sure where your "part of one" comes from in relation to empires, but they had plenty of opportunity to be aggressive if they desire to be so.

This is the country that didn't use chemical weapons in the Gulf War (the real one, the one that killed a million people) despite Iraq doing so with the complicity of the US.

All I am saying is that when it comes to moral high ground, the US of A has plenty of looking up to do.

Read up on http://en.wikipedia.org/wiki/Anglo-Persian_Oil_Company [wikipedia.org]
16% of any profits, the British government bought the D'Arcy concession (principal stockholder) ensuring form ~1920s into the 1940s Iran's oil was "UK" oil:)
In 1951 Iran wanted its oil profits back, the UK/CIA Operation Ajax resulted and then you had the Shah.

"The provision of chemical precursors from United States companies to Iraq was enabled by a Ronald Reagan administration policy that removed Iraq from the State Department's list of State Sponsors of Terrorism. Leaked portions of Iraq's "Full, Final and Complete" disclosure of the sources for its weapons programs shows that thiodiglycol, a substance needed to manufacture mustard gas, was among the chemical precursors provided to Iraq from US companies such as Alcolac International and Phillips."

They knew what was going on. They chose to ignore it because of the embarrassment that Iran had caused the US after the overthrow of the Shah.

Yes I understand how Sadam got hold of the weapons and to be fair I did use the caveate: "or at least when the bloated bodies turned up on the BBC". Whatever the wests true motives, those reports put a huge amount of pressure on the west to drop their military support, which they did like the proverbial hot potato.

Was the public outrage against the west's support diliberately triggered by the west themselves as a convienient excuse to isolate him for other reasons? - Occam's razor says no, the west simpl

With the US having so many soft cyber-targets, namely water and electric plants, transportation systems, etc, we should be really careful of throwing the first cyber stones around, no matter how carefully we think we have camouflaged our glass houses.

BTW, In how many countries do we now have American combat troops?According to the Defense Department’s Base Structure Report, FY 2002, U.S. troops are stationed in 156 countries. There are only 46 countries left without an American military presence.

If we remove the misnomer of 'cyberwarfare' and call it instead 'cyberespionage' which it is really is, would you be so offended? Governments since their inception have relied on espionage of all kinds, and don't shy away from the revelation. I don't think anyone should be surprised or offended to see espionage happening. As far as business and politics, espionage has played its part and this merely broadens the scope a little.

What happened in the 70s in South America is vastly different than what is being

Having attended a number of security conferences recently where cyber attacks on infrastructure (which is what Stuxnet was) were discussed in detail, I can't share you 'unconcerned'. You start putting viruses in industrial processing equipment and you could end up with a Fukishima or Bhopal. One attack I have seen demonstrated involved a virus being injected via the wireless connections on control vales in a oil refinery, and then hopping across 16 bit processors and RS232 connections. I didn't follow the whole thing, but the PHD guys that demonstrated it were pretty convincing. Hey presto, hacker just got control of your oil refinery.

Thing is, the "bad guys" have PHD propeller heads too. In fact, depending on which countries you regard as bad guys, they may well have more than you. A world where this sort of thing (and extra judicial murders via drone strikes come to that) is normal is not a world that I am comfortable with.

If you've been comfortable with the world we've been in for, oh, say, the past several thousand years , well all I can say is you're doing it wrong. This sort of thing (minus the computer stuff) has been going on for as long as humans have written things down.

Okay, so it was the 60's and 70's and given what was going down in South America it was probably all a lie then.

South America? How about right here in the United States? In the 1960s, the FBI was investigating people who dared to take a stand for their own civil rights, looking for ways to discredit them. It was illegal for two men to dance with each other in some states in the 1960s. In the 1970s, the executive branch of government gained the power to dictate some of the laws it is charged with enforcing. The 1970s saw the rise of paramilitary police across the country -- cops who would easily be mistaken for soldiers if their helmets and body armor was not clearly labeled "POLICE."

How would you US citizens feel if you were on the receiving end of Predator drones, cyber attacks and Shock and Awe?

As opposed to having our homes invaded by men with assault rifles, who shoot our dogs and kill, injure, and terrorize innocent people? I think you need to take another look at what is happening in the United States. We already have the largest prison population on Earth, heavily militarized law enforcement organizations that double as intelligence agencies, and a president who signed into law a bill that allows people to be detained indefinitely without trial, and who has ordered the assassination of US citizens.

So what hypocrisy were you referring to? I think we are doing a fine job of spreading our "democracy."

Note: No I'm not criticizing the US military, or veterans. I'm a veteran. My point is that military forces do not provide "freedom", that must come from internal political and judicial processes, which must in turn arise from the desires and actions of the citizenry at large. Military forces just make it possible for us to do whatever we're going to do free of external coercion. What we choose to do, though, can go either way.

Sorry for the semi-OT post. It just struck a chord, in light of the recent holiday and the flurry of "thank a veteran" messages it always spawns.

How would you US citizens feel if you were on the receiving end of Predator drones, cyber attacks and Shock and Awe?

As opposed to having our homes invaded by men with assault rifles, who shoot our dogs and kill, injure, and terrorize innocent people? I think you need to take another look at what is happening in the United States.

Exactly. There was a disturbing case in my backwater suburb recently that illustrates it... Police had a warrant for a 20-year-old murder suspect's arrest, knew where he lived (with his parents & teen brother) & worked, and he had been in court a week earlier. So without contacting *our* police, 40-50 heavily armed Homeland Security agents burst into the family's home at 4:20 AM yelling and lobbing flash grenades & tear gas through the windows. When the guy and his 57-year-old father crawled

... Iran, a country that has no history of aggression (although plenty of rhetoric, but that is not uncommon for the region).

Not that I don't disagree with you in principle, but since you claim to have grown up in the 60's and 70's, you may have selectively forgotten about the USA-Iran hostage situation and the Iran-Iraq war...

Nah, not forgotten about the hostage crisis, or the botched attempt to get them back. Quite apart from that not being a war, it was also very complex from a political point of view. After the revolution they took over the US embassy. Why? Because the CIA had previously used it as a base for a military coup. You would think that this idea of embassies being off limits would bring responsibilities with the freedoms.

What I don't get is that the US seems to need a bogey man, and Iran is currently unfortunately

Why do you think hypocrisy is so bad? I personally can think of a lot of traits that are worse. The redeeming feature of hypocrisy is that it gives you a lever by which to get people to do good things even if they only do so for appearances.

I grew up believing in the US as a beacon for freedom and fairness. Okay, so it was the 60's and 70's and given what was going down in South America it was probably all a lie then.

Those of us growing up in the US in the 80s & 90s were led to believe in the nation's original ideals as well. It was a serious shock when I got to high school and had teachers that worked the reality behind modern-day events into the curriculum when relevant (i.e. government, history, literature).

How would you US citizens feel if you were on the receiving end of Predator drones, cyber attacks and Shock and Awe?

Trouble is, as tends to be the case with corrupt governments, average US citizens aren't the same as the US government that has been taking those actions... We have little-to-no power beyond the local level,

...Thing is, just recently the US stated that they view a cyber attack as an act of war. Given how targeted Stuxnet was,...

Due to the limited scope, maybe Stuxnet should be classified as a Cyber-Police-Action?

Iran, a country that has no history of aggression...

Oh please. Do you mean except for massive funding [cfr.org] and arming of terrorist groups [wikipedia.org] in other countries? The U.S. may not be completely clean on this one, but don't pretend that Iran is even close to being innocent here.

If a hacker gets caught causing damage to a company's infrastructure it's hard to imagine him not going to jail and/or having to pay for the damages he/she caused. Given that Stuxnet spread around the world, do the victims get to send their cleanup bills to Uncle Sam?

Do you think the region will just welcome US and German "exports" again? Will Indonesia, India, Azerbaijan, Pakistan be so happy to have to clean out software and hardware over another generation?
Industrial software is a small world and 2 big names will be recalled for sometime. They might get lucky and be near monopolies in their respective fields but it will not be as easy to just 'sell' a complex export product... China, South Africa, Brazil, Canada, other EU members will be offering systems too... b

Lets all hope that when the shit hits the fan we can close that box of tricks. Too much power in the wrong hands is a very dangerous thing and where does it stop. Also, who has oversight of our dirty little cyber (I hate that word) war. The last thing we need is unchecked use of this technology.

Political parties and single-issue political organizations already use 'opposition research' to name-and-shame their opponents with real or exaggerated revelations from a checkered past.

So true. Here in my country (Philipppines), an accounting error was used to remove the chief justice of our Supreme Court [wikipedia.org]. To cut a long story short, the guy made some decisions that appeared to derail or delay the political plans of the incumbent president. When direct evidence of corruption proved wanting, the justice's b

At the moment, I'll put Anonymous or a group of Eastern European boys I met a few years ago against the best that a political party's "opposition team" can put together.

Playing War in a distributed worldwide network is not the same as throwing a bunch of hardware onto a battlefield.

So far, the best armies on the Internet are not the ones affiliated with a government or establishment political party. Hell, despite the Octopus doing its best, Pirate Bay and wikileaks are still up and running. If they go down, I'll be more worried.

At the moment, I'll put Anonymous or a group of Eastern European boys I met a few years ago against the best that a political party's "opposition team" can put together.

Playing War in a distributed worldwide network is not the same as throwing a bunch of hardware onto a battlefield.

So far, the best armies on the Internet are not the ones affiliated with a government or establishment political party. Hell, despite the Octopus doing its best, Pirate Bay and wikileaks are still up and running. If they go down, I'll be more worried.

Just as they can and do play espionage in meatspace. Your little guerilla operations will be short lived if they sufficiently annoy powerful governments.

Don't fool yourself, computer networks can be tamed much easier than than say, the ocean. The players involved just haven't committed the same level of effort. The Internet isn't run on pixie dust buddy.

First of all, industrial warfare as we know it is going to start fading quickly.

You just do not need to spend lavishly if your opponent depends on computer technology to order, work-flow and conduct a military action anymore. War is going to get cheap!

So forget about so many tanks, aircraft and soldiers. All you need to do is confuse the enemy, keep their soldiers from getting paid, food, water and old style ammunition - bullets or new style ammunition - packet flow.

"So forget about so many tanks, aircraft and soldiers. All you need to do is confuse the enemy, keep their soldiers from getting paid, food, water and old style ammunition - bullets or new style ammunition - packet flow."

Then the counter-move is take shit off the internet which should NEVER have been ON it in the first fucking place. BTW food and water and ammo shipments may be expedited by the internet but can be done without it. Network outages are part of training scenarios.

The word gerrymander (originally written Gerry-mander) was used for the first time in the Boston Gazette on March 26, 1812. The word was created in reaction to a redrawing of Massachusetts state senate election districts under the then-governor Elbridge Gerry (pronounced/ri/; 1744–1814).

I am a bit worried if Stuxnet is state of the art and the U.S. military has now taught the world including its enemies what it thinks is quality coding for cyber weapons. Seems Obama was swayed by the relative lack of expense but it certainly is not low profile or containable. I don't know much about Stux at all but one would imagine that centrifuges are not the only industrial infrastructure that could be targeted by such a weapon. Now you know what every black hat is working on these days, when they are not stealing bitcoins. Unfortunately the posts about drones being the next cyberwar vector are probably true, whether in 1 year or 20 it seems inevitable. The question next is active defense by buildings, airports, aircraft, highway interchanges, bridges, power plants, etc. If the U.S. saw a window in time when such a cyber attack would be little understood and so not be defended against, then how long is the current window in time regarding rogue drone attacks? I don't see much difference between home use R/C and industrial drones either.

"Cyberweapons may give nations a way to attack enemies without killing anyone."

I doubt very much that there was no loss of life involved in Stuxnet's effects. A P2 gas centrifuge that spins so fast that there are only a few metal alloys in the world that are tough enough to hold together. When one of those tubes lets go because it wobbles at one of the unstable speed zones it enters, or because it over-runs (as Stuxnet made happen), it's like a grenade going off. As I recall the estimate was that at least 40% of the centrifuges at Natanz failed in this fashion...and I find it difficult to imagine that nobody was ever standing near any of them when it happened.

Even for a paranoid conspiracy theory, that's a terrible theory. You forgot to use the words "laser", "fluoride", "chemtrail", "thermite", and "Gay Mayan Leprechaun Ninjas from the year 2012." Also, of course, the Chernobyl explosion was caused by the CIA in order to cover up the fact that Obama was born in a Nicaraguan Satanic temple earlier that day... making him too young to be president.

Either the Soviets didn't realize that they had been the victims of a cyber attack because the Americans waited un

I'm not too worried about domestic groups using such tactics. They are largely illegal already. And well enforced treaties between stable nations will take care of cross border private attacks.

I do worry about nations using such tactics as a means of war. Wars escalate and can lead to armed conflict. Since such techniques are available to some of the smallest, weakest nations, they will be attracted to their use. Just to demonstrate some sort of equality with the big players. But the big players don't like